Saturday, September 19, 2009

renaming user accounts - why not?

This post is intended as a short investigation into the effects and pitfalls of manually renaming a user account from the command line.
Saying "don't do it" is all well and good but I hope to explain some of the trickiness that is involved, if you insist on doing it, and also say a bit about what will be broken.

Okay so here is the scenario using fictional characters from tv/movies:

When Harry met Sally they got all romantic, and then after a few years they talked about new laptops.

Harry gives his Ubuntu Linux laptop to Sally and says it's all set up for the internet and everything, and that his password is 12344321. "Just rename the harry account to sally and you're good to go."

Sally is comfortable with the command line and wants to try out Harry's suggestion as an exercise. (from now on sally is in pink as a visual aid)
I assume from here on in that you know the VI editor or Emacs editor (my preferred) but will just refer to VI in this post.

*Warning: This post is of the 'do not do it' kind, and should you follow any or all of its numbered steps you may render your user account unusable. If you are in a hurry then skip the long lesson and just read about usermod at the end of the post.*

(1) Use vipw to change the user account name from harry to sally.
You will also have to then do the same using vipw -s command.

(2) Use vigr to change all occurrences of harry to sally.
You will also have to then do the same using vigr -s command.

If you were to try and log in between steps 1 and 2 above, then you would be able to login but the privileges you would have as a user would not be as you expect them to be.

Now you have dealt with the login side of things, you login as yourself (sally) and see that issuing pwd to show current working directory displays /home/harry (which does not look right at all!)

Worse still a quick peek in /home/harry/.sane/xsane/xsane.rc gives a horror story illustrating why some configuration files are going to break for sure if you rush into step (3):

sally@laptop:~$ fgrep -B1 -A1 harry /home/harry/.sane/xsane/xsane.rc

(3) mv /home/harry /home/sally
Do not do the above please :- here is where I decide to abandon my initial approach and consider things a bit more carefully.

Essentially, if this were a server then you might have a slightly better chance of attacking this problem using the blunt approach detailed so far. However, this is a laptop/desktop machine, so unless you really are a Gnome/KDE/WindowMaker/GNUstep expert you had best stay well clear of trying steps (1), (2), (3).

In fact I did just follow steps (1) and (2) on my machine and so I am going to reverse what I did, to put things back the way they were, before proceeding further.

Now here I review my real aim and state how I will achieve it:

Aim: To keep the system uid number that harry owned and all the group privileges but have everything appear marked sally. All data files (not configuration files) from harry to be made available and owned by sally.

Solution Approach (long way round):
  1. Create a fresh sally account before you start hacking around yourself.
  2. Give the new account a password of your choice and log in to that account in Gnome, KDE, WindowMaker/GNUstep (whatever desktops you use)
  3. Copy the data files from /home/harry to /home/sally
  4. Issue the cd and find commands shown below this list
  5. Using vipw and vipw -s commands (i) make harry have home of /home/sally (ii) swap the system uids of harry and sally.
  6. Using vigr and vigr -s commands change all occurrences of harry to sally, ensuring you deal with any duplicate situation. (Changing audio:x:29:pulse,harry,sally to be audio:x:29:pulse,sally,sally would be a duplication situation; just remove the second occurrence of sally so it now reads audio:x:29:pulse,sally) [ Note: Do not make any alterations to the first field (to the left of the first colon) ]
  7. Now use vigr and vigr -s to deal with just the first field so interchanging harry for sally (only if they appear in the first field on your system setup)
  8. Login to sally using password 12344321 and check everything seems okay.
cd /home/
find sally/ -type d -user sally -exec chown harry {} \;
find sally/ -type f -user sally -exec chown harry {} \;
(You might also want a further two find commands that make use of the -group switch but I leave that as an exercise for the reader)
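
Step 6's duplicate-member rule and the hard-coded /home/harry paths that make step (3) dangerous can both be checked without editing anything. The following is an added example, not part of the original post; the function names rename_members and stale_home_refs and all sample data are made up for illustration.

```shell
#!/bin/sh
# Added example: read-only checks to run before renaming harry to sally.
# Nothing under /etc or /home is modified; all sample data is constructed.

# rename_members OLD NEW  (reads /etc/group-format lines on stdin)
# Rewrites only the member list (4th field): OLD becomes NEW, and the
# duplicate created when NEW was already a member is dropped.
# The group name in field 1 is left alone, as step 6 requires.
rename_members() {
    awk -F: -v OFS=: -v old="$1" -v new="$2" '
    {
        n = split($4, m, ","); out = ""; split("", seen)
        for (i = 1; i <= n; i++) {
            u = (m[i] == old) ? new : m[i]
            if (u in seen) continue
            seen[u] = 1
            out = (out == "") ? u : out "," u
        }
        $4 = out
        print
    }'
}

# stale_home_refs DIR OLDHOME
# Lists files under DIR that contain the literal string OLDHOME, i.e. the
# configuration files that would break if the home directory were moved.
stale_home_refs() {
    grep -rlF -- "$2" "$1" 2>/dev/null | sort
}

# Demo on constructed input (hypothetical file names and contents).
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/.config"
    printf 'cache_dir=/home/harry/.cache/app\n' > "$d/.config/app.rc"
    printf 'colour=blue\n' > "$d/notes.txt"
    printf 'audio:x:29:pulse,harry,sally\nadm:x:4:harry\nharry:x:1000:\n' |
        rename_members harry sally
    stale_home_refs "$d" /home/harry
    rm -rf "$d"
}
demo
```

Feeding a copy of /etc/group through rename_members and comparing the result with diff shows exactly which lines step 6 would touch before vigr is opened.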

Assuming everything went okay you are free to remove the harry account altogether when you see fit.

An alternative approach to all of the above, that should work and is perhaps a lot easier, involves the usermod command. You would however have to peek in /etc/passwd to get harry's system uid and manually remove the harry account before issuing usermod, so as to avoid the non-uniqueness issue:
The uid given with the -u option is already in use. (from unix command)
(usermod on Linux has -o option if you want to do the usermod above a different way)

I hope this post illustrated a few reasons to not just dive in and start reassigning things between user accounts without careful consideration.

If you already did and you have websearched here because you are stuck, then thoroughly understanding what goes on in steps 1 to 7 above might help you figure out a way of backing out from what you have done :)
